Bug 29102 - libx11 regression caused by CVE-2021-31535 fix
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA7TOO MGA8-64-OK MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2021-06-10 20:19 CEST by David Walser
Modified: 2021-07-10 14:58 CEST

See Also:
Source RPM: libx11-1.7.0-1.1.mga8.src.rpm

Description David Walser 2021-06-10 20:19:30 CEST
libX11 1.7.2 has been released on June 6:
https://lists.x.org/archives/xorg-announce/2021-June/003092.html

It fixes a regression from the CVE fix in 1.7.1, which also affected the backported patches.

openSUSE has issued an advisory for this on June 9:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6WUBWGS6GPACWAIGOVLE7UDHZ4HSXZVC/

Mageia 7 and Mageia 8 are also affected.
David Walser 2021-06-10 20:19:48 CEST

Whiteboard: (none) => MGA8TOO, MGA7TOO
Status comment: (none) => Fixed upstream in 1.7.2, patch available from openSUSE

Comment 1 Lewis Smith 2021-06-10 20:46:57 CEST
'libx11' has no registered nor consistent maintainer, so assigning this to everybody.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2021-06-29 09:58:00 CEST
Suggested advisory:
========================

The updated packages fix a regression caused by the CVE-2021-31535 fix.

References:
https://lists.x.org/archives/xorg-announce/2021-June/003092.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6WUBWGS6GPACWAIGOVLE7UDHZ4HSXZVC/
========================

Updated packages in core/updates_testing:
========================
lib(64)x11-xcb1-1.7.0-1.2.mga8
lib(64)x11_6-1.7.0-1.2.mga8
lib(64)x11-devel-1.7.0-1.2.mga8
libx11-common-1.7.0-1.2.mga8
libx11-doc-1.7.0-1.2.mga8

from SRPM:
libx11-1.7.0-1.2.mga8.src.rpm

CC: (none) => nicolas.salguero

Comment 3 Nicolas Salguero 2021-06-29 13:42:30 CEST
Suggested advisory:
========================

The updated packages fix a regression caused by the CVE-2021-31535 fix.

References:
https://lists.x.org/archives/xorg-announce/2021-June/003092.html
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6WUBWGS6GPACWAIGOVLE7UDHZ4HSXZVC/
========================

Updated packages in 7/core/updates_testing:
========================
lib(64)x11-xcb1-1.6.12-1.2.mga7
lib(64)x11_6-1.6.12-1.2.mga7
lib(64)x11-devel-1.6.12-1.2.mga7
libx11-common-1.6.12-1.2.mga7
libx11-doc-1.6.12-1.2.mga7

from SRPM:
libx11-1.6.12-1.2.mga7.src.rpm

Updated packages in 8/core/updates_testing:
========================
lib(64)x11-xcb1-1.7.0-1.2.mga8
lib(64)x11_6-1.7.0-1.2.mga8
lib(64)x11-devel-1.7.0-1.2.mga8
libx11-common-1.7.0-1.2.mga8
libx11-doc-1.7.0-1.2.mga8

from SRPM:
libx11-1.7.0-1.2.mga8.src.rpm

Status: NEW => ASSIGNED
Source RPM: libx11-1.7.0-2.mga9.src.rpm => libx11-1.7.0-1.1.mga8.src.rpm
Status comment: Fixed upstream in 1.7.2, patch available from openSUSE => (none)
Whiteboard: MGA8TOO, MGA7TOO => MGA7TOO
Version: Cauldron => 8
Assignee: pkg-bugs => qa-bugs

Comment 4 Ulrich Beckmann 2021-07-05 20:42:08 CEST
Tested on a Sony Vaio E Series notebook KDE Plasma x86_64.
No regression found.

Installed Packages
lib64x11-devel.x86_64                                                      1.7.0-1.2.mga8                                                      @mga8_updates_testing-29102
lib64x11-xcb1.x86_64                                                       1.7.0-1.2.mga8                                                      @mga8_updates_testing-29102
lib64x11_6.x86_64                                                          1.7.0-1.2.mga8                                                      @mga8_updates_testing-29102
libx11-common.x86_64                                                       1.7.0-1.2.mga8                                                      @mga8_updates_testing-29102
libx11-doc.noarch                                                          1.7.0-1.2.mga8                                                      @mga8_updates_testing-29102

[root@mga8-test ~]# lspci -nnk | grep -iA3 vga
01:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc. [AMD/ATI] Thames [Radeon HD 7550M/7570M/7650M] [1002:6841]
        Subsystem: Sony Corporation Device [104d:90ac]
        Kernel driver in use: radeon
        Kernel modules: radeon

CC: (none) => bequimao.de

David Walser 2021-07-08 22:51:16 CEST

Whiteboard: MGA7TOO => MGA7TOO MGA8-64-OK

Comment 5 Herman Viaene 2021-07-09 11:30:35 CEST
MGA7-64 Plasma on Lenovo B50
No installation issues.
Rebooted after installation, all seems to work OK.
Ref bug 27030 Comment 5, I had the same crash
$ xviewer 

(xviewer:12112): GLib-GIO-ERROR **: 11:22:34.004: Settings schema 'org.cinnamon.desktop.thumbnailers' is not installed
Trace/breakpoint trap (core dumped)
but

$ strace -o xview.txt xview gedraaid.jpg
gedraaid.jpg is a 3456x4608 JPEG image, color space YCbCr, 3 comps., Huffman coding
  Building XImage...done
shows the picture OK and the trace has a reference to libX11.so
So good enough for me.

CC: (none) => herman.viaene
Whiteboard: MGA7TOO MGA8-64-OK => MGA7TOO MGA8-64-OK MGA7-64-OK

Comment 6 Thomas Andrews 2021-07-09 16:13:35 CEST
Validating, on the assumption that this is OK without specific i586 tests. Advisory in Comment 3.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2021-07-10 12:26:09 CEST

Keywords: (none) => advisory

Comment 7 Mageia Robot 2021-07-10 14:58:18 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2021-0149.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED

